New net technologies present opportunities for more than just entrepreneurs and venture capitalists. Virus writers like them, too.

Almost every novel internet technology, from e-mail to peer-to-peer networks, has been exploited by virus writers and vandals keen to cause havoc.

Virus writers are locked in an endless struggle with anti-virus and security companies, which are trying to guess which advance will be taken advantage of next.

Many anti-virus companies are adapting their tactics to protect customers and catch new viruses before they do too much damage.

Copycat killer

Whenever novel viruses appear, anti-virus companies work to produce a "pattern" file that tells their software how to spot and stop the malicious program.

12 months of virus interceptions

May 2002 - 560784
Apr 2002 - 469467
Mar 2002 - 169104
Feb 2002 - 135523
Jan 2002 - 241609
Dec 2001 - 479703
Nov 2001 - 268740
Oct 2001 - 164690
Sep 2001 - 204650
Aug 2001 - 229069
Jul 2001 - 144225
Jun 2001 - 60497

Figures from MessageLabs

One successful virus usually leads lots of other people to produce copycat programs that differ only slightly from the original.

Many anti-virus programs use rule-based techniques, called heuristics, to spot these variants.

Natasha Staley, a consultant at anti-virus firm Sophos, said these techniques helped limit the spread of the "H" version of the Klez e-mail worm.

This rule-based approach has also proved useful in combating the many e-mail viruses created after the Melissa outbreak in 1999.

"Melissa was one of the defining moments of virus writing," said Ms Staley.

Current figures show that 90% of all viruses in the wild are e-mail viruses that spread by using weaknesses in Microsoft mail programs.

But, said Ms Staley, if the rules used by anti-virus programs got too broad they would cause too many false alarms.

"There are an endless number of combinations available to virus writers," she said, "which is one of the reasons that heuristics are so difficult to do well."

Handy help

Andrew Armstrong, UK managing director of Trend Micro, said anti-virus companies were trying to break out of the infection-reaction cycle and help consumers and companies prevent virus infections spreading.

"The speed with which viruses are going around the world on the internet means that having a fix two hours later is a help, but it's too long," he said.

According to figures from the Cooperative Association for Internet Data Analysis, the Code Red worm was infecting more than 2,000 new computers per minute at its peak.

Companies like Trend Micro now tell companies how to avoid infection before the patch for anti-virus software is finished.

Mr Armstrong said this advice usually took minutes to draw up and distribute. He likened the difference between giving advice and producing a patch to that between using a mosquito net and producing a cure for malaria.

Trend Micro is also producing tools for customers that help them work out the extent of a virus outbreak and clean up all the machines that have been infected.

Unfortunately, computer users themselves are among the main allies that virus writers have in their bid to spread malicious programs.

Exposed again

Ms Staley from Sophos said viruses that were years old regularly re-appeared because users did not do enough to protect themselves.

Even boot sector viruses that travel by floppy disk still occasionally break out.

"The Kak worm appeared in 1999 but is still infecting people," she said. "That's pretty incredible because every anti-virus program detects it."

Although many companies were putting anti-virus programs on e-mail gateways, web servers and desktop machines, said Ms Staley, the malicious programs still occasionally slipped through.

She urged people to regard with suspicion e-mail messages from strangers bearing attachments or with odd subject lines.